SOUTH CAROLINA 

ELECTION COMMISSION 


The mission of the State Election Commission is to ensure every eligible citizen in South 
Carolina (SC) has the opportunity to register to vote, to participate in fair and impartial 
elections, and have the assurance that their vote will count. The greatest challenge for the S.C. 
State Election Commission (SEC) over the past two years has been ensuring we have taken all 
reasonable measures to better secure the state's election infrastructure. The U.S. Department 
of Homeland Security designated election systems as critical infrastructure in January 
2017. The SEC has applied considerable resources to hardening both the state's voting and 
voter registration systems by applying testing, assessments, and technological and human 
resources. As a result, the state's election infrastructure is more secure today, and the SEC 
continues to assess its security posture to identify additional security measures in light of 
emerging threats and new technologies. 

As such, we intend to utilize the $6,040,794 in 2018 HAVA Election Security grant funds to 
harden our security posture thus fundamentally enhancing the resilience of elections in the 
South Carolina. 

PROJECT SUMMARY: 

Prior to receiving federal funds, SC had already began the process of hardening its security 
posture for the 2018 General Election through the use of State appropriated funds. The agency 
will use its allocation of HAVA grants funds to supplement the cost of replacing the current 
paperless statewide voting system and to conduct a series of comprehensive security 
assessments followed by applicable remediation over the grants term. 


PROBLEM STATEMENT: 

The State of South Carolina currently uses a statewide electronic voting system that was 
implemented in 2004-2005. The system includes more than 12,000 paperless touch screen 
voting machines, optical ballot scanners for absentee by mail ballots and other peripheral 
equipment that is at end of life. 

Additionally, the state faces threats from various actors against its statewide voter registration 
system and other cyber assets. The SEC remains actively engaged in identifying and 
remediating any and all potential vulnerabilities. 
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PROJECT DESCRIPTION: 

1. Voting Equipment Replacement and Upgrades 

a. Replace the current paperless statewide voting system, using the state's Request for 

Proposal (RFP) process, with one certified by a testing laboratory accredited by the 

Federal Election Assistance Commission (EAC) as required in State law. 

i. Timeframe: January-December 2019 

2. Election Auditing (Section Not Applicable) 

3. Voting Registration Systems and Management (Section Not Applicable) 

4. Cyber Vulnerabilities 

a. Conduct various risk and vulnerability assessments, code reviews, and 
penetration tests of the statewide Voter Registration and Elections Management 
System over the grants term along with other periodic contracted scans of 
agency networks. These scans will be in addition to the DHS Cyber Hygiene 
Program scans and those conducted by the S.C. Department of Administration. 

i. Timeframe: June 2018-December 2022 

b. Remediate vulnerabilities discovered, or address areas of concern discovered, 
during the vulnerability assessment, code review, and penetration test. 

i. Timeframe: June 2018-March 2023 

c. Conduct a risk and vulnerability assessment of the agency's statewide intranet 
accessed by election officials. Determine the feasibility of reassigning the 
associated servers to a cloud-based service for enhanced security protections. 
Reassign servers as deemed feasible. 

i. Timeframe: June 2018-December 2022 

d. Conduct a risk and vulnerability assessment along with a penetration test of the 
State's current e-poll book and remediate any vulnerabilities. 

i. Timeframe: July 2018-August 2018 

e. Introduce a supplementary statewide intrusion detection system that enacts 
network monitoring solutions in each of the forty-six counties with offices that 
access the statewide voter registration system and the elections management 
system. 

i. Timeframe: July 2018-February 2019 
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f. Conduct a risk and vulnerability assessment of the election VPN infrastructure 
and equipment. 

i. Timeframe: June 2018-September 2018 

5. Training 

a. Host a voting and election systems workshop for election officials across the 
State entitled "2018 Election Security and Technology Workshop". Objectives 
for this 2-day workshop will be to increase participant's cyber security awareness 
and preparedness, acquire new voting systems knowledge, and to conduct a 
cyber training exercise to assess participant's readiness. 

i. Day 1 - Participants will view voting systems offered by EAC certified 
manufactures, receive a presentation on ballot auditing methodologies, 
and study various balloting strategies. 

ii. Day 2 - County election directors, staff, and board members will 
participate in a Cyber Tabletop Exercise facilitated by the U.S. 

Department of Homeland Security (DHS). 

iii. Timeline: August 2018 

6. Communication (Section Not Applicable) 


Strategic Objectives for the 2018 General Election 


Activity 

Budget 

Conduct a secure code review, enhanced vulnerability assessments and 
penetration tests of the statewide voter registration system and agency 
networks. 

$ 82,000 

Complete the remediation of vulnerabilities discovered, or address areas of 
concern discovered following various system assessments and tests. 

$ 21,000 

Purchase and install secure endpoints in each county office. 

$ 32,200 

Begin the purchase and installation of a supplementary statewide intrusion 
detection system that will include network monitoring devices in each 
county to enhance the security posture of the statewide voter registration 
system. 

$ 36,000 

Host a 2018 Election Security and Technology Workshop that will include a 
Table Top Exercise (TTX) facilitated by the US Department of Homeland 
Security. Key election officials in each county along with their county 
information technology directors will be invited to participate. 

$ 25,000 

Total 

$196,200 
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HAVA Grant Project Time Line 


Activity 

2018 

2019 

2020 

2021 

2022 

2023 

Begin the process to replace the current paperless statewide voting 
system, using the state's Request for Proposal (RFP) process, with one 
certified by a testing laboratory accredited by the Federal Election 
Assistance Commission (EAC) as required in State law. 


X 





Conduct various risk and vulnerability assessments, code reviews, and 
penetration tests of the statewide Voter Registration and Elections 
Management System over the grants term along with other periodic 
contracted scans of agency networks. These scans will be in addition 
to the DHS Cyber Hygiene Program scans and those conducted by the 
S.C. Department of Administration. 

X 

X 

X 

X 

X 


Remediate vulnerabilities discovered, or address areas of concern 
discovered, during the vulnerability assessment, code review, and 
penetration test. 

X 

X 

X 

X 

X 

X 

Conduct a risk and vulnerability assessment of the agency's statewide 
intranet accessed by election officials. Determine the feasibility of 
reassigning the associated servers to a cloud-based service for 
enhanced security protections. Reassign servers as deemed feasible. 

X 

X 

X 

X 

X 


Conduct a risk and vulnerability assessment along with a penetration 
test of the State's current e-poll book and remediate any 
vulnerabilities. 

X 






Introduce a supplementary statewide intrusion detection system that 
enacts network monitoring solutions in each of the forty-six counties 
with offices that access the statewide voter registration system and 
the elections management system. 

X 






Conduct a risk and vulnerability assessment of the election VPN 
infrastructure and equipment. 

X 






Host a voting and election systems workshop for election officials 
across the State entitled "2018 Election Security and Technology 
Workshop". Objectives for this 2-day workshop will be to increase 
participant's cyber security awareness and preparedness, acquire new 
voting systems knowledge, and to conduct a cyber training exercise to 
assess participant's readiness. 

X 






Submit final request to close out grant 






X 



















2018 HAVA ELECTION SECURITY GRANT 

Budget Information 

CFDA # 90.404 Non-Construction Program 

Name of Organization: 

Budget Period Start: 

Budget Period End: 

South Carolina State 

3/23/2018 

3/23/2023 

Election Commission 

SECTION A- BUDGET SUMIV 

FEDERAL & NON- 

(Consolidated Budget for total project term- 
FEDERAL FUNDS (Match) up to 5 years as defined by grantee) 

PROGRAM CATEGORIES 

BUDGET CATEGORIES 

(a) Voting 
Equipment 

(b) Election 
Auditing 

(c ) Voter 
Registration 
Systems 

(d) Cyber Security 

(e) Communications 

(f) Other 

(g) other 

TOTALS 

% Fed Total 

1. PERSONNEL (including fringe) 








$ 

0% 

2. EQUIPMENT 

$ 5,515,794.00 







$ 5,515,794.00 

91% 

3. SUBGRANTS-to local voting jurisdictions 








$ 

0% 

4. TRAINING 




$ 25,000.00 




$ 25,000.00 

0% 

5. All OTHER COSTS 




$ 500,000.00 




$ 500,000.00 

8% 

6. TOTAL DIRECT COSTS (1-6) 

$ 5,515,794.00 

$ 

$ 

$ 525,000.00 

$ 

S 

$ 

$ 6,040,794.00 


7. INDIRECT COSTS (if applied) 








$ 

0% 

8. Total Federal Budget 

$ 5,515,794.00 

$ 

$ 

$ 525,000.00 

$ 

S 

$ 

$ 6,040,794.00 


11. Non-Federal Match 

$ 302,040.00 







$ 302,040.00 


12. Total Program Budget 

$ 5,817,834.00 

$ 

$ 

$ 525,000.00 

$ 

S 

$ 

$ 6,342,834.00 


13. Percentage By Category 

91% 

0% 

0% 

9% 

0% 

0% 

0% 






Proposed State Match 

5.0% 




A. Do you have an Indirect Cost Rate Agreement approved by the Federal government or 
some other non-federal entity? 

If yes, please provide the following information: 

B. Period Covered by the Indirect Cost Rate Agreement (mm/dd/yyyy-mm/dd/yyy): 

No 



C. Approving Federal agency: 

D. If other than Federal agency, please specify: 

E. The Indirect Cost Rate is: 






























































